...

A number of key security issues have been identified in the way Maven
resolves and retrieves dependencies. They are described in documents
written by Nat Pryce and John Casey:

http://docs.codehaus.org/display/MAVEN/Repository+-+Security
http://docs.codehaus.org/display/MAVEN/Repository+-+Security+by+nat+pryce

Casey proposes to tighten up the repository upload procedure, which is a
good first step. However, signing all artifacts (and in particular the
ongoing workload of distributing derivative certificates) may prove to
be too onerous a procedure.

...

John Casey

This is a simple Copy/Paste from an email I sent out to the maven2 users.

...